Tuesday, 14 May 2019

Oh No, NSO

A buffer-overflow vulnerability in WhatsApp is being exploited to remotely take over victims’ devices. All it took was a missed call to infect the app on iOS and Android.

The payload seems to have been the NSO Group’s Pegasus commercial spyware. This Israeli nasty is known for use against journalists, activists, lawyers, etc.—basically anyone certain governments want to spy on.

The patch is now available. In today’s SB Blogwatch, we scramble to update.